CACE Technologies asked me to remove the Airpcap drivers v2.0 beta TX from my site, so you cannot download it anymore from oxid.it. That driver was intended for testing purposes only .... a new Airpcap driver with TX capabilities is expected to be available on their site in the future.

Mao at Hackcon#2 security conference (February 7/8 - OSLO, Norway)
I have been asked to be there as a speaker to present the latest features of my program Cain & Abel.
Detailed information at http://www.hackcon.org.

22/11/2006

I've just noticed that Cain & Abel voip features are demonstrated in the book Hacking Exposed Voip by David Endler and Mark Collier.

I've just received an AirPcap USB adapter from CACE Technologies (thanks Loris). This wonderful piece of hardware enables the capture of 802.11 frames on Windows by mean of the AirPcap driver, it is highly suggested for troubleshooting wireless networks. The adapter will be supported in the next release of Cain & Abel, stay tuned.

Thanks to all security professionals that voted for the program. I would also like to say a big thanks to all users and beta testers for the help given, donations, improvement suggestions, bug reports, and the great support.

I recently read a Washington Post articleshowing a picture of US President George W. Bush visiting the National Security Agency (NSA) headquarters in January 2006. Cain & Abel is there, displayed on the Talisker Radar in the background. Altough I'm not concerned about NSA monitoring the program's development (they are welcome), I think they are actually missing a lot of features because the version on the screen is not updated.

Your help is needed for the recovery of Pocket Outlook passwords ! They are probably stored into "pmailFolders" database under the form of security BLOBS. If you find details about the correct way to decrypt them, please send them to me and I'll update Cain as soon as possible.

19/01/2006

Cain
& Abel
v2.8.4 releasedNew features:- Rainbowcrack-Online client.
The client has been developed in collaboration with Rainbowcrack-Online team. Cain can now interact with the outstanding power of this on-line cracking service based on RainbowTable technology. The service is not free and you need a valid account to use this feature, please check current rates on their site. The communication between Cain and the web site is SSL enabled to ensure privacy of transmitted information.
- Oracle Password Cracker (Dictionary and Brute-Force Attacks).
- Oracle Password Extractor via ODBC.
- MySQL Password Extractor via ODBC.
- Program's Manual updated.

17-18/11/2005

Tokyo International Security Conference 2005
SIDC KK and M Factory Corporation of Japan have entered into an
agreement to host and sponsor the first annual Tokyo International
Security Conference (Tokyo InterSec) to be held on November 17th and
18th.
I have been asked to be there as a speaker to present the latest release of my program Cain & Abel.

17/10/2005

Cain
& Abel
v2.8 releasedNew features:
- Cisco VPN Client Password Decoder.
- Syskey Decoder. Cain can now extract the Boot Key, generated with the Syskey utility, from the local system or external SYSTEM registry files.
- NT Hashes Dumper can now extract password hashes from "off-line" SAM files encrypted with the Syskey utility.
- Wireless Zero Configuration Password Dumper.- RDPv4 session sniffer for APR.
Cain can now perform man-in-the-middle attacks against the heavy encrypted Remote Desktop Protocol (RDP), the one used to connect to the Terminal Server service of a remote Windows computer. The entire session from/to the client/server is decrypted and saved to a text file. Client-side key strokes are also decoded to provide some kind of password interception. The attack can be completely invisible because of the use of APR (Arp Poison Routing) and other protocol weakness.- Winrtgen v1.8 added to the installation package. (fastlm tables generated with a version prior to 1.7 could have problems, please update)
- Fixed a problem in the LSA Secrets Dumper causing crashes on systems with DEP enabled. Thanks to Nicolas RUFF for the bug report.
- Fixed a problem with extended ASCII characters in the Cryptanalysis Attack. Thanks to Ramius from rainbowtables.net for the bug report.
- Bug fixed in rainbow table's verification function. Thanks to all beta testers for the the bug reports.
- Bug fixed in fastlm rainbow table's algorithm.
- OpenSSL library upgrade to version 0.9.8a.

28/05/2005 - mao's birthday

Security Advisory: Remote Desktop Protocol, the Good the Bad and the Ugly. Check the topics area for details.

Cain
& Abel
v2.5 releasedFinally, release version 2.5 is out. This
does not mean that the program is now error free or that there is
nothing more to do within it, however after 65 beta version I think is now time for a release. I spent considerable time working
on this program and its documentation but things could change in
the future..... You can now help oxid.it continuing to develop freeware
software making donations to my PayPal account. The
money I receive this way goes towards my ongoing web hosting fees and other
costs that I incur by making the programs on this site available to you free
of charge.

Help
needed for WEP cracking on windows !I wrote a quick
and dirty sample program to control Prism2 based cards using
the Winpcap protocol driver and the PacketRequest API. WEP cracking
requires the capture of 802.11 frames; this program shows how to set
those cards into HostAP and monitor mode and contains functions
to get/set parameters of the Prism2 chipset. The FULL SOURCE
CODE for Visual C++ is included, I hope that you can help me on
some topics and problems I found. The code should compile without
problems but to test the program you need a Prism2 based card and
the Winpcap driver installed.
You
can download Prisma here.

23/06/2004

Winrtgen
v1.1 (Rainbow
Table Generator) releasedSome of you asked for a
graphical version of rtgen and rtsort from RainbowCrack
v1.2. Winrtgen generates rainbow tables for LM, NTLM, MD2,
MD4, MD5, SHA1, RIPEMD160, MySQL323, MySQLSHA1 and CiscoPIX hashes.
You can find Winrtgen in the projects area.
For details on tables generation please refer to RainbowCrack's
site.

14/06/2004

Cain & Abel v2.5 beta56 for NT/2000/XP releasedNew
features:- Wireless Scanner
The
scanner uses the Winpcap protocol driver so it should work on Windows
2000 and WindowsXP. I really don't know how many cards are supported,
the compatibility chart is here.
Please let me know your results.
- Winpcap library updated to version 3.1 beta3

Cain & Abel v2.5 beta41 for NT/2000/XP releasedNew
features:- LM Hashes cryptanalysis
via sorted RainbowTables
Cain can now perform cryptanalysis
attacks on LM Hashes using RainbowCracks's sorted tables. This kind
of attack is pretty fast but works only on LM Hashes not encrypted
with a challenge. For informations on Rainbow Tables generation
and sorting please read the RainbowCrack's Tutorial (http://www.antsight.com/zsl/rainbowcrack/rcracktutorial.htm)

20/10/2003

Cain & Abel v2.5 beta40 for NT/2000/XP releasedNew
features:
- Cisco Config Uploader
Cain can now upload
configuration files to Cisco devices via SNMP/TFTP. This feature
works on routers and switches that support the OLD-CISCO-SYSTEM-MIB. TFTP server is NOT required.
-
Bug fixing and code cleanup

01/09/2003

Cain & Abel v2.5 beta36 for NT/2000/XP releasedNew
features:- NTLM Session
Security Password Cracker
The long awaited cracker for
NTLM Session Security authentications is finally available in this
version. Now, all kind of LM, NTLM and NTLMv2 Hashes with or without
NTLMSSP encapsulation are supported and can be "Sent to the
Cracker" for Dictionary and Brute-Force attacks.- IKE Aggressive Mode Pre-Shared Keys Cracker
The cracker works with both MD5 and SHA1 Hashes.- Sniffer filter
for IKE Aggressive Mode Pre-Shared Keys authentications
The sniffer
collects all the parameters needed to crack a Pre-Shared Key used
in IKE Aggressive Mode authentications (see RFC-2409 for details).
The
IKE-PSK sniffer/cracker has been successfully tested using a Cisco
VPN Client v4.0 and a Cisco PIX Firewall Version 6.3(1). Please
let me know your results.

01/07/2003

Cain & Abel v2.5 beta34 for NT/2000/XP releasedNew
features:
- Cisco Config Downloader
Cain can now download
the configuration file from Cisco devices via SNMP/TFTP. This feature
works on routers and switches that support the OLD-CISCO-SYSTEM-MIB
or the new CISCO-CONFIG-COPY-MIB. TFTP server is NOT required.- Bug fixing

13/05/2003

Cain & Abel classified as
one of the Top-75 Security ToolsThanks
to all of you out there that voted for Cain & Abel as one of
the Top-75 Security Tools available. For more informations check out the
complete list here.

09/04/2003

Cain & Abel v2.5 FAQ
startedI started to write a
document of frequently asked questions about the program. You
can find it in the Topics area.

Cain & Abel v2.5 beta21 for NT/2000/XP releasedNew features:- RSA
SecurID Tokens Calculator
The calculator produces valid
tokens given the serial number and the activation key of an RSA
SecurID device. These parameters are found in Token's activation
files typically named "something.ASC".- SSH-1 sniffer for APR
The
sniffer works in in FULL-DUPLEX-MODE decrypting both Client and
Server SSH-1 traffic.
It uses APR (Arp Poison Routing) so
the attacker's IP and MAC addresses can be totally spoofed and never
exposed on the network. APR and a Man-in-the-Middle situation is
also required because of the RSA asymmetric encryption used in SSH-1
negotiation's phase. The sniffer supports 3 symmetric encryption
algorithms: DES, 3DES and Blowfish. Zlib compression is not supported
in this version. The sniffer cannot decrypt SSH-1 traffic if directed
to/from the attacker's workstation. Automatic downgrade SSH-2
connections to SSH-1 if server version is v1.99. An example of
the output file produced from an SSH-1 session to a Cisco PIX firewall
in my test environment is available here.-
Promiscuous-Mode Scanner
The scanner tries various tests
based on non-standard ARP packets using the same Spoofing configuration
of APR.